General

Target: 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi
Size: 2.1MB
Sample: 220116-x2zqksgccr
MD5: 2db9ee63581f0297d8ca118850685602
SHA1: 244c7008be6f767f0f31a341fe0e70fa2e9a5399
SHA256: 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e
SHA512: 58cf0bdfe777ffcb01f9795d859f2daa9cb77d7587d1f054d8f5a0d456289d36e3c155fa6d6f5f4d47ef742a7038c3fa98b27093d6394e5db31cb5854ff5c8ff

Static task: static1

Behavioral task: behavioral1
Sample: 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi
Resource: win7-en-20211208

Malware Config

Extracted: bitrat 1.38
idegasbre.ddns.net:1312
communication_password: 61bf8edd6e339f90f18f7860fe4c0939
tor_process: tor

Targets

Target: 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi
Size: 2.1MB
MD5: 2db9ee63581f0297d8ca118850685602
SHA1: 244c7008be6f767f0f31a341fe0e70fa2e9a5399
SHA256: 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e
SHA512: 58cf0bdfe777ffcb01f9795d859f2daa9cb77d7587d1f054d8f5a0d456289d36e3c155fa6d6f5f4d47ef742a7038c3fa98b27093d6394e5db31cb5854ff5c8ff

Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext